##                     ##
#   BruteSSH Monitor    #
#     Author:Plaix      #
##                     ##

import commands
from time import strftime
import time


# If the repeat count is bigger than 4, it's treated as a brute-force attempt.
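class monSSHbrute():
    """Watch the tail of /var/log/auth.log for repeated "invalid user" entries.

    Each call to ``check()`` runs a fixed shell pipeline over the last 12
    lines of the log and counts how often the fourth token of a filtered line
    equals the token seen on the previous line.

    State kept between calls:
      * ``result``        - the token seen most recently (carried over from
                            the previous call).
      * ``current_brute`` - the token that was last reported, used to avoid
                            reporting the same one twice in a row.
    """

    # Pipeline: last 12 log lines -> lines containing "invalid user" ->
    # space-delimited fields 1-3 and 13. Field 13 is presumably the source
    # address of the attempt -- verify against the local sshd log format.
    #
    # NOTE(review): `cut -d " "` counts every single space as a delimiter and
    # the user name in these entries is supplied by the remote client, so the
    # position of field 13 is not guaranteed. A timestamp padded with an extra
    # space (traditional syslog does this for days 1-9) or a multi-token user
    # name would shift the fields; such lines end up with fewer than four
    # tokens, or a non-address token, after the split in check().
    _CMD = 'tail -12 /var/log/auth.log | grep "invalid user" | cut -d " " -f1-3,13'

    def __init__(self):
        self.name = "SSH BruteForce Monitor"
        self.result = ""
        self.type = "BRUTE"
        self.current_brute = ""
        # Initialised here so the attributes exist before the first check().
        self.cmd = self._CMD
        self.brutecount = 0

    def check(self):
        """Scan the current log window once.

        Returns:
            1 when the repeat counter reaches 5 for a token that has not
            already been reported; 0 when the token was already reported,
            when a filtered line has fewer than four tokens (this includes
            empty pipeline output), or when the window ends below the
            threshold. The last case used to fall off the end and return
            None; it now returns 0 so callers always get an int.
        """
        # The command is a constant. commands.getoutput() hands the string to
        # a shell, so nothing derived from log content may ever be
        # interpolated into it.
        self.cmd = self._CMD
        output = commands.getoutput(self.cmd)
        self.brutecount = 0

        for raw in output.split('\n'):
            fields = raw.split()
            # Only a short line is an expected failure here. The previous bare
            # `except:` also swallowed KeyboardInterrupt/SystemExit and any
            # programming error inside the loop.
            try:
                source = fields[3]
            except IndexError:
                return 0

            if source == self.result:
                self.brutecount += 1

            # NOTE(review): brutecount is not reset when the token changes,
            # so the threshold can be reached by repeats spread over several
            # different tokens, and the alert is then attributed to the last
            # one. Confirm whether per-token counting was intended.
            if self.brutecount >= 5:
                if self.current_brute == self.result:
                    # Same token as the last alert: do not report it again.
                    return 0
                self.current_brute = self.result
                return 1

            self.result = source

        return 0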
